Privacy Policy

Section 1 - Personal Data Processor and Processor

Zone 2 technologies Ltd., a Bulgarian limited liability company, register with the Bulgarian Commercial Register under UIC 206921440 and VAT number BG206921440, with seat and management address at Bulgaria, Sofia 1000, Izgev region, Iztok district, 6 Dr. Lyuben Rusev Str., fl. 5, ap. 81 ("Zone2" or "We" or "Us") is a provider of software, consultation services and other products: Zone 2.

Zone2 is a Processor of personal data in within the meaning of art. 4, item 8 of the GDPR, and as such is also responsible for the processing of your data fairly, transparent and secure way – as required by the Regulation and national legislation, in the scope of Processor’s rights and obligations.

This Privacy Policy relates to the activities of Zone2 ("the Processor") in operating the zone2.tech website and providing products and services through it. In order to comply with legal requirements, with this Privacy Policy the Processor provides you with information about your rights, the type of personal data that is collected, the basis for processing it, how it is stored and used, and when it is provided to third parties.

Pursuant to the Processor's obligations under Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the Processor ensures that the processing of personal data such as name, address, telephone number and email address will always be in accordance with the Regulation and applicable Bulgarian data protection legislation.

You can address any questions related to your personal data to our team by email: contact@zone2.tech.

Section 2 - Personal data we collect

As a Processor of the website zone2.tech (the "Website"), Zone2 collects and processes personal data of users of the website, necessary for their registration, identification and contact, as well as that of the parties with whom there are pre-contractual and contractual relations.

Pursuant to Article 4 of EU Regulation 2016/679, "personal data" means any information relating to an identified natural person or an identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Zone2 processes the following categories of your personal data:

  1. Personally identifiable information: The Processor may collect personal information from you, including your name, address, email address, telephone number, type of legal registration and registered office (where applicable), representatives of such, social media contacts (where applicable) and your website address.

  2. For the purpose of marketing activities, for newsletter and other marketing activities, the Processor collects the following personal data: Email address; Other data provided by you in connection with specific marketing purposes of which you have been informed; Personal data is collected on the basis of explicit consent (Article 6, par. 1, point “a” of the Regulation).

  3. Technical information: Each time you open the Website and/or its various sections, the Processor receives information in the form of an information protocol with the following content:

  • Your IP address and the page from which you were referred to our website;
  • Information about your stay on our website and the sections you have visited;
  • Information about your browser and operating system;
  • Other types of technical information as required by the technical requirements of the information system.

Section 3 - Personal data we do not collect

The Processor shall not collect or process personal data that:

  • reveal the racial or ethnic origin of users or other data relating to their health or mental state;
  • disclose political, religious or philosophical beliefs, or trade union membership;
  • disclose users' genetic or biometric data or data about sexual orientation,

and in the event that the above is shared by users on the Website, it will not be subject to processing except with the express consent of the users.

Section 4 - Purpose for data processing

Zone2 collects and uses your personal data for the following activities and purposes:

  • To facilitate access to the essential functionalities and services of our platform.
  • To allow for the customization and personalization of your interaction with our website.
  • To provide you with our products and/or services.
  • For communication purposes, including responding to your inquiries and reaching out to you.
  • To ensure your ability to engage with our website, related applications, and connected social media channels.
  • To adhere to legal requirements, settle any potential conflicts, and for the purposes of safeguarding against fraud and ensuring the security of our platforms, thereby confirming their use complies with our terms of service.

Your personal data may also be processed if a government authority needs the cooperation of Zone2 in connection with various formal proceedings, including pre-trial, judicial and administrative proceedings related to claims, fraud, etc. In the latter cases, Zone2 discloses only the amount of data requested by the state authorities not exceeding the scope the specific request is made for.

Section 5 - Period for which personal data is stored

Given the interest and needs of users, personal data is retained for the purpose of communication with them or until the moment of a written desire to delete the personal data provided. In all cases, your personal data is stored until the purposes of their processing are achieved.

We collect your data:

  • on a contractual basis
  • when you have given your consent to their processing and on the basis of Art. 6, par. 1, point “a” of the Regulation;
  • if duly requested to do so by a competent governmental or judicial authority;
  • in performance of our obligations to maintain the Website;
  • to comply with a legal obligation that applies to us as processors of your personal data;
  • for the purposes of the legitimate interests of the Processor or of a third party.

By accessing the Website and providing any of the data under section 2 above, you provide your consent for processing your data.

Section 7 - Technical security regarding the protection of personal data

The Processor has implemented all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and applicable Bulgarian law.

The measures taken correspond to the specific risks associated with the processing and storage of the personal data provided. Organizational and technical safeguards are in place to protect your data from loss, alteration, theft or unauthorized access by third parties.

In certain cases the Processor may disclose certain personal data to partners or subcontractors who work with the Processor, through the provision of services related to the Processor's activities or assist the Processor in its activities.

The Processor may disclose your personal data to third parties, including such third parties located outside the European Union, subject to the requirements of the Regulation, such as:

  • When organizing games, competitions or promotions, in accordance with the rules of the specific games, here the disclosure is solely between the Processor and the service providers of the relevant game;
  • Third parties with whom the Processor has a contractual relationship for the use of Virtual Private Servers (VPS) and providers of server and cloud services related to the maintenance of the Website;
  • The Processor may share your personal data with third-party payment processing services for the facilitation of transactions you initiate. These entities play a critical role in processing payments, handling credit card information, and ensuring the secure management of your financial data. Our collaboration with these services adheres to the highest standards of payment security to protect your transaction and payment details. This sharing of information is essential for conducting financial transactions on our platform, with all such activities being rigorously governed by this Policy to ensure your personal data is processed in line with applicable privacy legislation.
  • Third parties providing services to improve the advertising targeting of the Processor's services;
  • Generally recognized service providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google and Facebook. Consent also includes the placement and use of marking unique depersonalized identifiers, including with the use of cookies, localStorage or other appropriate generally accepted web technology;
  • Third parties providing services to the Processor, such as accountants, auditors, lawyers, notaries, advertising and PR agencies or companies engaged in data system administration.

The Processor will share personal data with third parties only after explicitly securing the technical and legal mechanisms under which the processing of the shared personal data will take place in accordance with the requirements of Regulation 679/2016 and Bulgarian legislation.

Third parties and partners of the Provider undertake to take all actions to ensure the legitimate processing of personal data in accordance with the privacy requirements set out in this Policy.

Section 9 - Your data protection rights

According to the Regulation, you have the following rights:

Right of access

At your request, you have the right to access the personal data stored about you; You also have the right to request a copy of the personal data undergoing processing.

Right to rectification

You have the right to request the rectification of incorrect, inaccurate or incomplete personal data. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”)

You have the right to request that personal data be deleted when it is no longer needed or if its processing is unlawful. Please note that art. 17 of the Regulation outlines the cases in which we are obliged to delete your data. We may be obliged to retain your data, even if deletion is required (for example, to comply with a legal obligation that requires processing under Union or Bulgarian law).

Right to restriction of processing

Under certain circumstances, you may have the right to ask us for the restriction of processing your personal data. For example, you can exercise this right when we no longer need your personal data for processing purposes, but at the same time we need to store it in our systems so that we can use it in situations such as exercising rights or defending claims.

Right to data portability

In certain circumstances, you may have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of this data to another person without hindrance from us if such transmission is technically feasible.

Right to object

In certain circumstances, you may have the right to object to the processing of your personal data and we may be obliged not to process it in the future. You can exercise this right, for example, if we use your email address for direct marketing purposes – in which case, once you object, we will no longer be able to send you marketing materials.

Where the processing of your personal data is based on your consent, you may withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise your rights

To exercise your rights, you can contact us with a written request at contact@zone2.tech. We will respond to your questions and requests without undue delay and at the latest within 1 month. You may be asked to provide information to verify your identity in order to exercise your rights.

Section 10 - Complaint to a supervisory body

If for any reason you are not satisfied with our handling of your personal data, we ask you to first inform us so that we can understand what causes the problem and try to resolve it. We will carefully consider your request and answer all your questions. If you believe that you have not received adequate assistance from Zone2 or that there has been a violation of your rights, you have the right to file a complaint with a supervisory authority. This body in the Republic of Bulgaria is:

Commission for Personal Data Protection: Address: Sofia 1592, bul. "Prof. Tsvetan Lazarov" No 2 Phone: 02/915 35 18 E-mail: kzld@cpdp.bg

Website: www.cpdp.bg

In order to keep this Privacy Policy up to date, it may be changed in whole or in part at any time without special notice. Please check this Policy periodically for updates and the date of the last update will be indicated.

This Policy was adopted on 24.09.2023 and has not been changed since that time.